Package evidence

@brave/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 20
Versions published: 4
First published: Dec 2022
Publisher: brave.com

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@brave/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@brave/[email protected]"],"fail_on":"review"}'

Publisherbrave.com

Artifact bytes26,413,365

Previous version0.2.223

Published2022-12-23T18:28:25.996Z

SHA-2562782af7e01cfec1ab4f236cd06aeb5d6e31b49821cbc125d23f093c2e78c5d4b

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

44h agoLast checked

lowRisk

0Score

0.2.224Version

Status history (1 event)

new → available44h ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts31

buildrun-p build:*
build:maintsc -p tsconfig.json
build:moduletsc -p tsconfig.module.json
check-clirun-s test diff-integration-tests check-integration-tests
check-integration-testsrun-s check-integration-test:*
covrun-s build test:unit cov:html cov:lcov && open-cli coverage/index.html
cov:checknyc report && nyc check-coverage --lines 100 --functions 100 --branches 100
cov:htmlnyc report --reporter=html
cov:lcovnyc report --reporter=lcov
cov:sendrun-s cov:lcov && codecov
diff-integration-testsmkdir -p diff && rm -rf diff/test && cp -r test diff/test && rm -rf diff/test/test-*/.git && cd diff && git init --quiet && git add -A && git commit --quiet --no-verify --allow-empty -m 'WIP' && echo '\n\nCommitted most recent integration test output in the "diff" directory. Review the changes with "cd diff && git diff HEAD" or your preferred git diff viewer.'
docrun-s doc:html && open-cli build/docs/index.html
doc:htmltypedoc src/ --exclude **/*.spec.ts --target ES6 --mode file --out build/docs
doc:jsontypedoc src/ --exclude **/*.spec.ts --target ES6 --mode file --json build/docs/typedoc.json
doc:publishgh-pages -m "[ci skip] Updates" -d build/docs
fixrun-s fix:*
fix:linteslint src --ext .ts --fix
fix:prettierprettier "src/**/*.ts" --write
prepare-releaserun-s reset-hard test cov:check doc:html version doc:publish
prepublishrun-s build:*
purge:cdnrun-s purge:cdn:*
purge:cdn:solananpx req https://purge.jsdelivr.net/gh/brave/solana-token-list@main/src/tokens/solana.tokenlist.json
reset-hardgit clean -dfx && git reset --hard && npm i
testrun-s build test:*
test:linteslint src --ext .ts
test:prettierprettier "src/**/*.ts" --list-different
test:spellingcspell "{README.md,.github/*.md,src/**/*.ts}"
test:unitnyc --silent ava
versionstandard-version
watch:buildtsc -p tsconfig.json -w
…and 1 more.

Dependencies1

cross-fetch^3.1.5